RDS DB Instance Encryption at Rest Enabled Rule

This rule checks that encryption at rest is enabled for RDS DB instances.

Rule: RDS DB instance encryption at rest should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description:

RDS DB instance encryption at rest should be enabled in accordance with NIST 800-53 Revision 5 compliance. This rule ensures that data stored on an Amazon RDS DB instance is encrypted, providing an additional layer of security and compliance with the NIST 800-53 Revision 5 standard.

Troubleshooting Steps:

If encryption at rest is not enabled on the RDS DB instance, follow these troubleshooting steps:

  1. Check if encryption at rest is enabled by logging into the AWS Management Console.
  2. Navigate to the Amazon RDS service.
  3. Select the desired RDS DB instance.
  4. In the "Encryption & IAM" tab, check the "Encryption at rest" option.
  5. If encryption at rest is not enabled, proceed to the next step.
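
The same check can be run over many instances at once using the data returned by the RDS DescribeDBInstances API, where each instance carries a StorageEncrypted flag and, when encrypted, a KmsKeyId. The following is an added example, not part of the original page: the sample pages are constructed, and the function names are illustrative.

```python
# Constructed sample shaped like paginated DescribeDBInstances output (not real data).
SAMPLE_PAGES = [
    {"DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBInstanceIdentifier": "legacy-reports", "Engine": "mysql",
         "StorageEncrypted": False},
    ], "Marker": "constructed-marker"},
    # Second page: the StorageEncrypted field is absent for this instance.
    {"DBInstances": [
        {"DBInstanceIdentifier": "staging-api", "Engine": "mariadb"},
    ]},
]


def evaluate_instance(db):
    """Return a finding for one DBInstances entry."""
    # Only a literal boolean True passes; a missing or malformed field fails closed.
    encrypted = db.get("StorageEncrypted") is True
    return {
        "instance": db.get("DBInstanceIdentifier", "<unknown>"),
        "engine": db.get("Engine", "<unknown>"),
        "compliant": encrypted,
        "kms_key": db.get("KmsKeyId") if encrypted else None,
    }


def evaluate_pages(pages):
    """Evaluate every instance on every page; non-compliant findings sort first."""
    findings = [evaluate_instance(db)
                for page in pages
                for db in page.get("DBInstances", [])]
    return sorted(findings, key=lambda f: (f["compliant"], f["instance"]))


def non_compliant(pages):
    """Identifiers of instances that fail the rule."""
    return [f["instance"] for f in evaluate_pages(pages) if not f["compliant"]]


if __name__ == "__main__":
    for f in evaluate_pages(SAMPLE_PAGES):
        status = "PASS" if f["compliant"] else "FAIL"
        print(f"{status}  {f['instance']:<16} {f['engine']:<9} key={f['kms_key']}")
```

All result pages must be evaluated, since a response that carries a Marker is not the complete inventory.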

Necessary Codes:

No code is required for this rule.

Remediation Steps:

To enable RDS DB instance encryption at rest and comply with NIST 800-53 Revision 5, follow the steps below:

  1. Open the AWS Management Console.
  2. Go to the Amazon RDS service.
  3. Select the RDS DB instance that needs to be encrypted.
  4. Click on the "Encryption & IAM" tab.
  5. Under the "Encryption" section, click on the "Modify" button.
  6. Select the option to "Enable" encryption at rest.
  7. Choose the appropriate master key for encryption using AWS Key Management Service (KMS).
  8. Click on the "Continue" button.
  9. Review the changes and click on the "Modify DB Instance" button to save the modifications.
  10. Wait for the modification to complete. This may take a few minutes.
  11. Verify that encryption at rest is enabled by checking the status in the "Encryption & IAM" tab.

Note: Enabling encryption at rest may cause a brief outage for the RDS DB instance during the modification process. It is recommended to perform this action during a maintenance window or when there is minimal impact on the application.

CLI Command:

There are no specific CLI commands for this rule. The encryption at rest feature can be enabled through the AWS Management Console as described above.
